Archive for October, 2006

Dealing with Spam

Tuesday, October 31st, 2006

I am writing this with a view to advising clients who have their email hosted on my server environment but much of the discussion is relevent to anyone with an internet email address.

First some definitions:

Email Server: This is the computer out there somewhere on the internet that handles all the mail being sent to individual accounts under a given domain. For example, if you have an email account with Verizon or Comcast (i.e. yourname@verizon.net or yourname@comcast.net) then any mail sent to you is initially sent to the verizon.net or comcast.net email servers.

Email Client: Is the software mechanism that you use to access and read your email. Common email clients are Microsoft Outlook Express, Microsoft Outlook, Mozilla Thunderbird, Apple Mail, Microsoft Entourage, and Eudora. These clients just listed all run on your PC, Macintosh, or Linux machine. There are also web-based email clients such as Google GMail, Yahoo Mail, Microsoft Hotmail, Horde, SquirrelMail, and others.

So, if I were to send you an email from my office computer the steps involved would be as follows:

  1. I would compose the email on my local computer using an email client (in my case, Mozilla Thunderbird).
  2. Once I am ready to send the email (having addressed it to yourname@yourdomain.com), I would click the send button in my Thunderbird client.
  3. Thunderbird would then contact an outgoing email server (usually either an SMTP or Microsoft Exchange server) and request that the email be sent. The outgoing email server will usually require me to provide it a login and password combination. In my case, the outgoing email server could be owned by my broadband provider (Verizon), or by my hosting environment (SalemDesign.com).
  4. Assuming Thunderbird provided a valid login/password combination, the outgoing email server will upload my email. It then looks at the address yourname@yourdomain.com and sends the email off across the internet to your incoming email server. (It is a tad more complicated than that but we don’t want to get bogged down in those details.)
  5. The incoming email server associated with yourdomain.com receives the email and it will check to see if it “knows” about an email account belonging to “yourname”. If you do have a valid account on the incoming email server then the email gets stored in that account.
  6. The next time you run your email client, it will query the incoming email server and “ask” if you have any emails waiting to be read. If you do, those emails get downloaded to your email client and (usually) deleted off the incoming email server. You can then open the individual emails and read them.

One would like, of course, all these emails that get downloaded to our email clients to be ones we want to read (i.e. from friends, business associates, etc.). Unfortunately, as we all know too well, most of the email we receive is junk or worse from people trying to sell us something we don’t want or worse.

How do our email addresses get onto spammer lists?

Spambots: These are software mechanisms that “crawl” over the websites (in the same way as search engine spiders used by Google and Yahoo do) and identify and collect email addresses (basically anything that looks like blahblah@blahblah.com or .net, or .edu, etc.). Given the existence of these evil mechanisms, any time you have your email address listed on a website whether it is your own or someone else’s, then you will be getting spam.

SelfInflicted: Anytime you provide your email to someone else, they may turn around and use it to spam you or sell your address to someone else who does. So be careful who you give your email address to… Even if they are apparently legit, ask them if you have to provide your email address and ask them how they use their lists and whether they sell or provide them to third parties.

Domain Registrations: any email used as part of a domain registration is publi